REMARKS

Claims 1, 26 and 30 are amended to include language emphasizing advantageous features of the invention previously brought to the attention of the Examiner that further distinguish the subject matter sought to be protected over the applied art. Claims 3, 6, 7, 8, 18, 28 and 32 are also amended to more clearly define the subject matter considered to be the invention as disclosed. While it is believed that the language of the claims as previously presented describes subject matter distinguishable and thereby patentable over the applied art, to advance prosecution of the application and allowance of patentable subject matter, independent claims 1 and 26 are amended without disclaimer or prejudice to include claims of similar, broader, or any other scope supported by the disclosure in a continuing application. Specifically, to further emphasize that an embodiment of the invention is directed at protecting a communications network from harmful control messages arising either inside or outside the network, independent claim 1 is amended to require that the signaling system security monitor include:

"a plurality of message templates corresponding to approved individual ones of said control data messages, sequences of such control data messages and informational relationships between the data contents of such data messages, said system security monitor being responsive to said message templates to perform syntax and content dependent screening of said control data messages, said content dependent screening including checking appropriateness of said control data messages in context of (i) a state of the communications network and (ii) prior related messages."

The revised language emphasizes important aspects of certain embodiments of the invention including features of the template. That is, according to an aspect of the invention, a template for a transaction is much more than a series of individual templates for the messages of that transaction. As captured by the amended language, a template contains the information about the relationships between messages of a call or transaction and their respective parameters and parameter values. The applied art fails to teach or suggest this and other features of the invention as now recited by the amended claims.

Support for the added language can be found in the Specification as filed including:

Page 9, lines 23 - 25:

...It [message checking] may also be enhanced by defining required relationships between successive messages associated with a call or transaction.

Page 10, lines 4 - 15:

A Security Gatekeeper (alternatively referred to as a Signaling System Security Monitor) according to the invention, screens down to the application layer and inspects for inappropriate application messages, parameters and/or parameter values as well as inappropriate relationships between messages. In the case of certain violations, the Gatekeeper modifies messages (e.g., removes a parameter, modifies a parameter value, etc.), rather than merely allowing the message to progress into and/or through the network or rejecting and discarding non-conforming messages. This is accomplished, in part, by screening in context, maintaining the state of ongoing signaling exchanges (e.g., call setup, application query/response) and rejecting or modifying messages that are inappropriate to the current state of the exchange and, as necessary, generating corrective messages. This context screening maintains network operations and avoids "hanging up" the network in an unstable state.

Page 10, line 26 - page 11, line 5:

The Security Gatekeeper further facilitates screening based on a protocol definition of an allowable exchange, i.e., using sets of templates. The Security Gatekeeper permits the network operator to provision the gateway to permit message exchanges that are consistent with a predetermined agreed to service definition (while discarding or modifying messages inconsistent with that definition). These template definitions can include allowable messages, message sequences, message parameters, and parameter values and can also specify the relationship between parameters in successive messages (e.g., same phone number in query and response). For example, the Security Gatekeeper may use a template check to prohibit an AIN message from inappropriately modifying billing records, such as charging a call to someone else's account.

Page 11, lines 6 - 14:

State-based screening examines messages based on the context in which the messages arrive. To implement state-based screening, the Security Gatekeeper maintains information on the states of calls and/or transactions for which the screening is performed. Examples include Call Setup and Transaction query/response. The Security Gatekeeper maintains the status of the underlying state machines, which define the possible call and/or transaction states and the legitimate transitions from one state to another as well as the relationships between parameters in successive messages. Such a state transition table or graph would be used, for example, to allow an ACM, ANM or REL message in response to an IAM, but would prohibit an RLC message.

Page 11, line 28 - page 12, line 2:

For responses or other successive messages, the templates identify message types, mandatory and optional parameters and value ranges, and, in addition, the relationship between parameters and parameter values in the initial message and those in successive messages. For example, if a query identifies a specific telephone number, the response can likewise be required to pertain to that specified telephone number.

Page 12, lines 14 - 23:

Thus, the template methodology implemented by the Security Gatekeeper forms a common ground for agreement, defining the signaling that will be exchanged, without necessarily disclosing or defining the service that will be provided or the details of its implementation. The template definitions can also be used to help certify the proposed application. Once an application has been certified, the Security Gatekeeper monitors transactions on an ongoing basis to ensure that each conforms to the appropriate template. By enforcing the agreed to protocol definition of the application, the Security Gatekeeper insulates the network operator from concerns about the safety and stability of the application while providing the third party service provider the flexibility to make non-protocol affecting changes to the service and to protect its intellectual property.



Page 14, lines 3 - 9:

According to a feature of the invention, the signaling system security monitor is configured to selectively pass the control data messages between the signaling gateway and the signaling communication system if they pass the contextual tests implicitly specified in the appropriate templates. The signaling system security monitor may further be configured to selectively enable and inhibit the signaling gateway from exchanging the control data messages between the remote communication network and the signaling communication system.

Page 24 (see table):

Category: Context-dependent
Description: Appropriateness of message in view of prior related messages and expected/allowed message sequencing, existing service agreements, state of the network, privilege levels associated with OPC, DPC, CdPA and CgPA, etc.
Page 26, lines 27 - 30:

These additional functions include context based checks ensuring that message content and the network's [re]action to the message are appropriate in view of the state of the network including previously generated messages.



Similar language has been added to independent claim 26 and claim 30 dependent therefrom to render those claims together with claim 1 patentably distinguishable over the applied art. Contrary to the Examiner's [position], the recited functionality differs from that which may or may not be performed by the switch, i.e., maintain state of calls and transactions, or parse messages for allowed syntax. As distinguished from an individual switch, there are two major security advantages of performing screening at the periphery of a network.

One difference between a switch and functionality provided by a signaling system security monitor is that, in the case of the latter, screening that is performed at the periphery of the network can be sensitive to the route by which the traffic entered the network (e.g., did it come over linkset 1 from network 1, or over linkset 2 from network 2?). Once traffic has been routed to a destination (such as a switch) the destination can no longer ascertain that the message was handed off by network 1 or 2. It can determine whether the sending address is appropriate, but it can't determine whether it came from a network that should be delivering traffic from that sending address. For example, an analogous situation may be if you receive a call from a colleague who tells you to meet them in front of your office in 5 minutes, you'll go down and meet them. If you knew that the call came from a number in Idaho, you'd be suspicious, even though everything else about the call seems legitimate.

Another advantage provided by a centralized, periphery-based screening function is that it allows screening to be updated by one party, and in one place. If a threat is identified, there is no need to alter the operation of each and every switch in the network to protect against the threat. Instead, the threat can be addressed by upgrading protection at the centralized screening point, i.e., at the signaling gateway and/or the system security monitor. Further, the operator of the device can establish the desired level of protection, rather than relying on whatever has been implemented by switch manufacturers.

As detailed, these are significant reasons and advantages to screening control 
messages at the periphery of the network and not the end node. 

As described, screening includes several steps. First, control data messages are screened for appropriate syntax. Syntax screening tells whether a message can be correctly and unambiguously decoded per the standard set of message definitions. Thus, according to an embodiment of the invention, every parameter is checked to make sure that it is a legitimate parameter for that message, and every parameter value is checked to make sure that it is defined and meaningful for that parameter.

Second, content is screened. Content deals with the values contained in syntactically correct messages.

Third, the control data message is screened for context. Context examines a message with respect to related messages sent (or not sent) before. Embodiments of the invention include two kinds of context screening. The first is with respect to a state machine. Given the state of a trunk or a transaction, certain messages are appropriate and others are not. For example, a call cannot be answered if no call has been previously placed; a response to a query is improper if no query has been previously sent.

The second type of context screening combines aspects of both content and context screening. This type of screening allows for the definition of services as acceptable exchanges of messages in compliance with specific sets of rules. Those rules have aspects of both content and context, referred to in the disclosure as templates. For purposes of the present explanation, these may be considered as message templates and service templates. Message templates define the specific allowable structures of otherwise generalized messages, e.g., AIN messages that will be associated with a service. As with the templates that might be used for content screening, these templates define the required, permissible and prohibited parameters that may be included in the message, the permissible values of those parameters, and any interrelationships between the parameters of a single message. Service templates are similar to state machines in that they define the set of messages that would be acceptable given the current state of an exchange. They go a step further, however, in identifying any relationship tests that must be met by the related messages - for example, it might require that the outgoing telephone number specified in one message correspond to the incoming telephone number specified in a prior message.
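The screening steps just described (syntax, then content, then the two kinds of context screening: a state machine over the trunk or transaction, and relationship tests between related messages), together with the template and state-machine passages quoted above from pages 10 and 11 of the Specification, can be illustrated with the following Python sketch of a gatekeeper. It is an added example and not code from the application or the Applicants: the IAM/ACM/ANM/REL/RLC message types and the "ACM, ANM or REL may answer an IAM but RLC may not" rule come from the page, while the parameter names, the QUERY/RESPONSE pair, the transition table and every sample value are constructed. As the page describes, a billing-related violation is handled by stripping the offending parameter rather than discarding the message, and a response that does not pertain to the number in its query is rejected.

```python
"""Toy Security Gatekeeper (added illustration, not the patent's code): syntax, content and
context screening.  IAM/ACM/ANM/REL/RLC follow the page; all other names and values are constructed."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

@dataclass
class Message:
    kind: str                                   # message type, e.g. "IAM"
    circuit: str                                # trunk / transaction id (constructed)
    params: Dict[str, object] = field(default_factory=dict)
@dataclass
class Verdict:
    action: str                                 # "pass", "modify" or "reject"
    reason: str = ""
    message: Optional[Message] = None           # message as forwarded (possibly modified)
# Message templates: (required, optional) parameters for each message type.
MESSAGE_TEMPLATES = {
    "IAM": ({"called_number", "calling_number"}, {"charge_number"}),
    "ACM": (set(), set()), "ANM": (set(), set()), "REL": ({"cause"}, set()),
    "RLC": (set(), set()), "QUERY": ({"number"}, set()), "RESPONSE": ({"number"}, set()),
}
def _is_number(v) -> bool:
    return isinstance(v, str) and v.isdigit() and 3 <= len(v) <= 15
VALUE_RULES: Dict[str, Callable[[object], bool]] = {   # content rules: values must be meaningful
    "called_number": _is_number, "calling_number": _is_number, "charge_number": _is_number,
    "number": _is_number, "cause": lambda v: isinstance(v, int) and 1 <= v <= 127,
}
# Service template, part 1: legitimate state transitions.  ACM, ANM or REL may
# answer an IAM but RLC may not; a RESPONSE is proper only after a QUERY.
TRANSITIONS = {
    ("idle", "IAM"): "setup", ("setup", "ACM"): "alerting", ("setup", "ANM"): "connected",
    ("alerting", "ANM"): "connected", ("setup", "REL"): "releasing",
    ("alerting", "REL"): "releasing", ("connected", "REL"): "releasing",
    ("releasing", "RLC"): "idle", ("idle", "QUERY"): "awaiting", ("awaiting", "RESPONSE"): "idle",
}
# Service template, part 2: relationship tests.  Each rule sees the prior accepted
# messages on the circuit and returns (action, reason, message); it may modify.
def billing_guard(prior: List[Message], msg: Message):
    """A charge number differing from the calling number would bill someone else's
    account: strip that parameter rather than dropping the call."""
    charge = msg.params.get("charge_number")
    if msg.kind == "IAM" and charge is not None and charge != msg.params["calling_number"]:
        kept = {k: v for k, v in msg.params.items() if k != "charge_number"}
        return "modify", "charge_number removed", Message(msg.kind, msg.circuit, kept)
    return "pass", "", msg

def response_matches_query(prior: List[Message], msg: Message):
    """A response must pertain to the number named in the preceding query."""
    if msg.kind == "RESPONSE" and prior[-1].params["number"] != msg.params["number"]:
        return "reject", "response number differs from query number", None
    return "pass", "", msg
RELATIONSHIP_RULES = [billing_guard, response_matches_query]
class Gatekeeper:
    def __init__(self):
        self.state: Dict[str, str] = {}                # circuit -> current state
        self.history: Dict[str, List[Message]] = {}    # circuit -> accepted messages
    def screen(self, msg: Message) -> Verdict:
        # 1. Syntax: known message type, only legitimate parameters present.
        tpl = MESSAGE_TEMPLATES.get(msg.kind)
        if tpl is None:
            return Verdict("reject", f"syntax: unknown message type {msg.kind}")
        required, optional = tpl
        present = set(msg.params)
        if required - present or present - required - optional:
            return Verdict("reject", f"syntax: parameters {sorted(present)} invalid for {msg.kind}")
        # 2. Content: each value defined and meaningful for its parameter.
        for name, value in msg.params.items():
            if not VALUE_RULES[name](value):
                return Verdict("reject", f"content: bad value for {name}")
        # 3a. Context: is the message appropriate to the circuit's current state?
        cur = self.state.get(msg.circuit, "idle")
        if (cur, msg.kind) not in TRANSITIONS:
            return Verdict("reject", f"context: {msg.kind} not allowed in state {cur}")
        # 3b. Context: relationships to prior related messages (may modify).
        action, reason, out = "pass", "", msg
        for rule in RELATIONSHIP_RULES:
            ruling, why, out = rule(self.history.get(msg.circuit, []), out)
            if ruling == "reject":
                return Verdict("reject", why)
            if ruling == "modify":
                action, reason = "modify", why
        self.state[msg.circuit] = TRANSITIONS[(cur, msg.kind)]
        self.history.setdefault(msg.circuit, []).append(out)
        return Verdict(action, reason, out)

def demo() -> List[Tuple[str, str]]:
    """Screen a constructed exchange; returns (message kind, verdict action) pairs."""
    gk = Gatekeeper()
    flow = [
        Message("IAM", "trunk-1", {"called_number": "2125551000", "calling_number": "3035552000",
                                   "charge_number": "4045553000"}),   # would bill another account
        Message("RLC", "trunk-1"),                                     # RLC cannot answer an IAM
        Message("ANM", "trunk-1"), Message("REL", "trunk-1", {"cause": 16}), Message("RLC", "trunk-1"),
        Message("QUERY", "tx-7", {"number": "8005554000"}),
        Message("RESPONSE", "tx-7", {"number": "8005559999"}),        # pertains to the wrong number
        Message("RESPONSE", "tx-7", {"number": "8005554000"}),
    ]
    return [(m.kind, gk.screen(m).action) for m in flow]
```

Running `demo()` yields modify, reject, pass, pass, pass, pass, reject, pass for the eight messages in order: the first IAM is forwarded with its foreign charge number stripped, the premature RLC and the mismatched RESPONSE are rejected, and a rejected message leaves the circuit's state unchanged so the legitimate follow-up still screens correctly. The order of the checks matters: a message that fails syntax never reaches the stateful checks, so malformed input cannot perturb the per-circuit state.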

One of the advantages of context screening as disclosed and explained in Applicants' 
disclosure is that it allows a party whose equipment is being controlled by another party to 
monitor whether the controlling party is living up to the agreements that were made as to the 
nature of the control that is being exerted. The prior art fails to suggest, much less describe 
or enable, this type of protection of a network including: 

a signaling system security monitor, separate from the central office 
switching systems, said signaling system security monitor including a plurality 
of message templates corresponding to approved individual ones of said 
control data messages, sequences of such control data messages and 
informational relationships between the data contents of such data messages, 
said signaling system security monitor being responsive to said message 
templates to perform syntax and content dependent screening of said control 
data messages, said content dependent screening including checking 
appropriateness of said control data messages in context of (i) a state of the 
communications network and (ii) prior related messages. 

For the reasons presented, independent claims 1 and 26 (the latter alone and in 
combination with dependent claim 30) are considered to be patentably distinguishable and 
allowable over the applied art. 

Each of the dependent claims is also believed to be distinguishable and patentable 
over the art of record both as dependent from the allowable subject matter of their respective 
base and any intervening claims and by including further subject matter not found in or 
suggested by the art of record. For example, claim 9 recites: 

The communications network according to claim 1 wherein 
said signaling system security monitor includes a memory storing 
states of respective ones of said central office switching systems, said 
signaling system security monitor responsive to said states for 
selecting ones of said templates; 
s to describe or suggest a signaling system 
tate of a plurality of separate central office 



The outstanding rejections of the claims are further believed to be improper for lack of motivation for combining the references as applied by the Examiner.



The initial burden is on the examiner to provide some suggestion of the desirability of doing what the inventor has done. "To support the conclusion that the claimed invention is directed to obvious subject matter, either the references must expressly or impliedly suggest the claimed invention or the examiner must present a convincing line of reasoning as to why the artisan would have found the claimed invention to have been obvious in light of the teachings of the references." Ex parte Clapp, 227 USPQ 972, 973 (Bd. Pat. App. & Inter. 1985).

M.P.E.P. §706.02(j): Contents of a 35 U.S.C. 103 Rejection and §2143.01: Suggestion or Motivation To Modify the References - The Prior Art Must Suggest The Desirability Of The Claimed Invention.



The mere fact that references can be combined or modified does not render the resultant combination obvious unless the prior art also suggests the desirability of the combination. In re Mills, 916 F.2d 680, 16 USPQ2d 1430 (Fed. Cir. 1990).

Id.



The Examiner's reasoning for combining the references is that:

...it would have been obvious to one
time the invention was made to
signaling gateway that is configured
messages between two
Heilmann, into the Silva system in
that are received and sent to each
and filtered based on the set rules

Office Action at page 4.

However, the Examiner's rationale is
applied art of the problems nor any suggestion
address such a problem.
The mere fact that references can be combined or modified does not render the resultant combination obvious unless the prior art also suggests the desirability of the combination. In re Mills, 916 F.2d 680, 16 U.S.P.Q.2d 1430 (Fed. Cir. 1990). Although a prior art device "may be capable of being modified to run the way the apparatus is claimed, there must be a suggestion or motivation in the reference to do so." (916 F.2d at 682, 16 U.S.P.Q.2d at 1432.)

It is well established that, even if all aspects of the claimed invention were individually known in the art, such is not sufficient to establish a prima facie case of obviousness without some objective reason to combine the teachings of the references. Ex parte Levengood, 28 U.S.P.Q.2d 1300 (Bd. Pat. App. & Inter. 1993). It is, therefore, incumbent upon the Examiner to provide some suggestion of the desirability of doing what the inventor has done in the Examiner's formulation, imposition and maintenance of a rejection under 35 U.S.C. 103(a). "To support the conclusion that the claimed invention is directed to obvious subject matter, either the references must expressly or impliedly suggest the claimed invention or the Examiner must present a convincing line of reasoning as to why the artisan would have found the claimed invention to have been obvious in light of the teachings of the references." Ex parte Clapp, 227 U.S.P.Q. 972, 973 (Bd. Pat. App. & Inter. 1985).

Thus, for the reasons presented, the rejection of all claims is believed to be improper and withdrawal thereof is respectfully requested.

In summary, claims 1 - 32 are now considered to be in condition for allowance. Favorable reconsideration of the application, as amended, and an early notification of allowance are respectfully requested.

Applicants have filed concurrently herewith a Petition for a Three-Month Extension of Time. However, if any other or additional fee is due, please charge our Deposit Account No. 07-2347 from which the undersigned is authorized to draw and please credit any excess fees to such deposit account.